Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-33296 — AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains an open redirect vulnerability in the login flow where a user-supplied redirectUri parameter is reflected dir…

avideo | Remote | Misconfiguration
Mar 22, 2026 Mar 24, 2026
Mar 22, 2026
Mar 24, 2026
8.2 HIGH
CVE-2026-33295 — AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The `clean_title`…

avideo | Remote | Cross-Site Scripting
Mar 22, 2026 Mar 24, 2026
Mar 22, 2026
Mar 24, 2026
5.0 MEDIUM
CVE-2026-33294 — AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resourc…

WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint (`plugin/BulkEmbed/save.json.php`) fetches user-supplied thumbnail URLs via `url_get_contents…

avideo | Remote | Server-Side Request Forgery
Mar 22, 2026 Mar 24, 2026
Mar 22, 2026
Mar 24, 2026
8.1 HIGH
CVE-2026-33293 — AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Par…

WWBN AVideo is an open source video platform. Prior to version 26.0, the `deleteDump` parameter in `plugin/CloneSite/cloneServer.json.php` is passed directly to `unlink()` without any path sanitizati…

avideo | Remote | Path Traversal
Mar 22, 2026 Mar 24, 2026
Mar 22, 2026
Mar 24, 2026
7.5 HIGH
CVE-2026-33292 — AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Priva…

WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint (`view/hls.php`) is vulnerable to a path traversal attack that allows an unauthenticated attacker to st…

avideo | Remote | Path Traversal
Mar 22, 2026 Mar 23, 2026
Mar 22, 2026
Mar 23, 2026
9.0 HIGH
CVE-2026-4553 — Tenda F453 Parameters Natlimit fromNatlimit stack-based overflow

A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page lea…

f453_firmware f453 | Remote | Memory Corruption
Mar 22, 2026 Apr 02, 2026
Mar 22, 2026
Apr 02, 2026
9.0 HIGH
CVE-2026-4552 — Tenda F453 Parameters VirtualSer fromVirtualSer memory corruption

A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of th…

f453_firmware f453 | Remote | Memory Corruption
Mar 22, 2026 Apr 02, 2026
Mar 22, 2026
Apr 02, 2026
9.0 HIGH
CVE-2026-4551 — Tenda F453 Parameters SafeClientFilter fromSafeClientFilter memory corruption

A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a ma…

f453_firmware f453 | Remote | Memory Corruption
Mar 22, 2026 Apr 02, 2026
Mar 22, 2026
Apr 02, 2026
Showing 20 of 6048 Results